I monitor for failed authentications on DC’s.
labels: Authentication | Fail | Kerberos | User
My top failed authentications is on one client/one account that I can’t hunt down. I have looked at all process’es and their “credential’s” + installed sysmon on the client. But I can’t find the process or user. Any ideas how I could hunt this down?
Best answer by Gustav Elkjær RødsgaardView original